The newly discovered backdoor1 in the XZ Utils package2 affecting numerous Linux distributions3 and assigned CVE-2024-30944 is being dismissed by some members of the technology and security communities as yet another supply chain attack; relevant only because of how blatant it was and that it affected the Open Source ecosystem but in essence nothing out of the ordinary. Regardless of whether this perspective is gaining traction due to cynicism, as hyperbole for clicks or as a coping mechanism...| Jayson Salazar Rodriguez | @jdsalaro | Blog
North Korea's Lazarus hacker group compromised the Safe wallet frontend and pulled off a 1.4 billion dollar heist. It could happen again, but this time through GitHub.| Adnan Khan
In this post, I demonstrate Cacheract, which is an open source proof-of-concept for “Cache Native Malware’ that exploits GitHub Actions cache misconfigurations.| Adnan Khan's Blog
What if there was a supply chain attack that could provide an attacker with direct access to core infrastructure within thousands of companies worldwide. What if that attack required no social engi…| Adnan Khan's Blog
GitHub Actions caching has some insecure design decisions that allow for some unique attacks. It’s considered working as intended, but there are many ways it can go wrong. Learn how I identif…| Adnan Khan's Blog
Learn about how I used a custom tool to find a Google-owned repository vulnerable to GitHub Actions Poisoned Pipeline Execution Attack and earned a $7,500 bug bounty!| Adnan Khan's Blog
Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a…| Adnan Khan's Blog